devsafe scan
Discover every git repo on your machine and find out which ones are at risk from cloud sync corruption. Free to use, no account needed.
What it does
devsafe scan walks your filesystem starting from one or more root directories, finds every .git directory, and reports what it finds. For each repo, it checks whether the path falls inside a cloud-synced folder (iCloud Drive, Dropbox, OneDrive, or Google Drive). Repos inside those folders are at risk of .git corruption.
Cloud sync services like iCloud and Dropbox were designed for documents, not git repositories. They can silently corrupt your .git directory through lockfile races, partial pack writes, and ref pointer overwrites. Git's own documentation warns against this. devsafe scan finds the repos you need to worry about.
This command is completely free. It reads your filesystem and prints a report. It does not modify anything, upload anything, or require an account.
Usage
$ devsafe scan [root...]
If you don't pass any root directories, devsafe scan defaults to ~/Projects. You can pass one or more paths to scan specific locations.
# Scan the default location (~⁄Projects) $ devsafe scan # Scan a specific directory $ devsafe scan ~/Code # Scan multiple roots at once $ devsafe scan ~/Projects ~/Code ~/Work
Flags
| Flag | Default | Description |
|---|---|---|
--depth | 5 | Maximum directory depth to search. Increase this if your repos are deeply nested. |
--json | off | Output results as JSON instead of the default table format. Useful for piping into other tools. |
--quiet | off | Only print repos that have sync risk warnings. Hides safe repos. |
--no-color | off | Disable colored output. Automatically set when output is piped. |
--ignore | none | Skip directories matching this pattern. Can be used multiple times. |
Example output
Here is what a typical scan looks like on a machine with repos in both safe and risky locations.
$ devsafe scan ~/Projects ~/Documents scanning ~/Projects... scanning ~/Documents... repo path risk ───────────────────────────────────────────────────────────────────────────────── ✓ api-server ~/Projects/api-server none ✓ design-system ~/Projects/design-system none ✓ marketing-site ~/Projects/marketing-site none ⚠ client-app ~/Documents/client-app iCloud ⚠ freelance-project ~/Dropbox/code/freelance-project Dropbox ⚠ old-prototype ~/OneDrive/dev/old-prototype OneDrive found 6 repos (3 safe, 3 at risk) warning: 3 repos are inside cloud-synced folders. Cloud sync services can corrupt .git directories through lockfile races, partial pack writes, and ref pointer overwrites. Run "devsafe backup" to protect them.
How sync risk is detected
DevSafe checks whether each repo's path falls inside any of these known cloud sync directories:
- iCloud Drive -
~/Library/Mobile Documents/and~/Documents/(when Desktop & Documents sync is enabled) - Dropbox -
~/Dropbox/ - OneDrive -
~/OneDrive/ - Google Drive -
~/Google Drive/and~/My Drive/
If a repo is inside one of these folders, its .git directory is being synced by a service that was never designed for git's internal file structure. This is the single most common cause of silent git corruption on developer machines.
JSON output
Use the --json flag to get machine-readable output. This is useful for scripting or feeding results into other tools.
$ devsafe scan --json --quiet [ { "name": "client-app", "path": "/Users/you/Documents/client-app", "risk": "iCloud", "branches": 4, "last_commit": "2026-06-28T14:23:08Z" } ]
Related commands
devsafe scan tells you where your repos are and which ones are at risk. For a complete picture, pair it with these commands:
devsafe diagnosechecks the internal health of each.gitdirectory. It looks for signs of corruption that have already happened (broken pack files, dangling refs, missing objects).devsafe healthgives you an overall health score for each repo, combining sync risk, git integrity, and backup status into a single number.devsafe backupcreates encrypted git bundles of your repos and stores them in user-owned storage. This is the fix for sync risk.
devsafe scan, devsafe diagnose, and devsafe health are all free and work without any account or login. They only read your filesystem and never send data anywhere.
Install
If you haven't installed DevSafe yet, grab it with Homebrew.
$ brew install hxalabs/tap/devsafe
Then run devsafe scan to see what you're working with. No setup, no config, no account. Just answers.